Comment Re:On the value of obscurity vs. security (Score 1) 299

Store the sha1 hash of the password. Then, when the user inputs "open sesame", compare sha1("open sesame") to the stored hash. If they're the same, assume the user input the right password. (Other cryptographic hash functions will do, and you probably want to add salt, but that's the basic idea.)

Well yes, true, that's the basic idea. But as you probably also know, if you really want a secure system there's a lot more to it than just storing a hash along with a salt.

You'll now need to protect the storage where you keep your hashes, to prevent the evildoer from overwriting your hash with a value of his own choosing.

You'll also need to protect the code accessing the storage, as well as every piece of code along the path, to ensure that the evildoer doesn't shortcut the authentication.

It doesn't exactly make your life any easier that we're talking about Windows 95 here. All jokes aside, I sincerely doubt that this would even be possible without a complete rewrite of the OS.

But yes, if you are on a system that gives you all that you need for free without adding to the complexity of your code then by all means, go for the secure solution.

Comment Re:On the definition of "obscurity" (Score 1) 299

For instance, the Windows 95 screen saver password (at most 14 characters) was stored in the registry, xor'ed with a fixed key of length 14. Probably a const char screen_saver_xor_pad[14] = [...], "safely" hidden away in some undisclosed source code. Security by obscurity.

Storing passwords securely is anything but trivial, and in almost all other situations I'd suggest a slightly more advanced approach. In this case however I'd say that the simple XOR does the job quite well: It ensures that an evildoer glancing over your shoulder while you browse your registry won't be able to snoop your password, as memorizing a sequence of 28 semi-random hexadecimal digits is quite a lot harder than memorizing say 'Open Sesame'. Yes, it's hopelessly insecure if the evildoer gains access to your box, but in that case losing your screen saver password should be the least of your worries.

A significant part of the job of designing secure systems is identifying when it's necessary to roll in the big cannons.

I'm not too sure that we disagree on anything at all here. I just thought it interesting that you brought up an example where security through obscurity was plenty sufficient.
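As an added illustration of the two approaches contrasted in this comment and the one above (example code, not code from the comments themselves): the fixed-pad XOR that only obscures the stored value, beside a salted, iterated hash that can be verified but not reversed. The 14-byte pad is a constructed stand-in, not the real Windows 95 constant, and PBKDF2-SHA256 is a choice of hash beyond the plain salted SHA-1 the comments mention.

```python
import hashlib
import hmac
import os

# Constructed 14-byte pad: a stand-in for the undisclosed Windows 95 constant,
# not the real value (assumption).
XOR_PAD = bytes.fromhex("5e2f1b7c9a03d4e6f1b8a27c3d5e")


def xor_obscure(password: str) -> str:
    """Obscurity: XOR each byte with the fixed pad and store the result as hex.

    A 14-character password becomes 28 hex digits, hard to memorise over a
    shoulder but trivially reversible by anyone who holds the pad."""
    data = password.encode("ascii")
    if len(data) > len(XOR_PAD):
        raise ValueError("password longer than the 14-byte pad")
    return bytes(b ^ k for b, k in zip(data, XOR_PAD)).hex()


def xor_reveal(stored_hex: str) -> str:
    """XOR is its own inverse: the same pad turns the stored value back into
    the password, which is why the scheme protects nothing from local access."""
    data = bytes.fromhex(stored_hex)
    return bytes(b ^ k for b, k in zip(data, XOR_PAD)).decode("ascii")


def hash_store(password: str, salt: bytes = b"", iterations: int = 100_000) -> str:
    """Security: per-password random salt plus an iterated hash (PBKDF2-SHA256).
    The stored record lets you verify a guess but not recover the password."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def hash_verify(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    stored = xor_obscure("Open Sesame")
    print("XOR record:", stored, "->", xor_reveal(stored))
    record = hash_store("Open Sesame")
    print("hash record:", record)
    print("verify right/wrong:", hash_verify("Open Sesame", record),
          hash_verify("open sesame", record))
```

Two records made from the same password with different salts differ, so a stolen hash table gives no per-password shortcut; the XOR record, by contrast, is the same for every machine sharing the pad.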

Comment Re:Depends on the goals (Score 1) 558

[...] modern and useful layers of abstraction and code checking that were already in Java (typed delegates, generic types, garbage collection, etc)

I'm not trying to start a war here, but Java delegates?

Also Java's Generics by Type Erasure are nothing more than compiler inserted typecasts - I imagine Sun wanted to maintain compatibility with existing JREs - whereas C#/CLI generics are the real thing.

Java is still there.

True, and Java will probably be around longer than any of us, but while C# seems to be alive and thriving (LINQ, lambda-expressions, inferred types), it looks to me as if Java has lost much of its momentum.

Media

Lack of Manpower May Kill VLC For Mac 398

plasmacutter writes "The Video Lan dev team has recently come forward with a notice that the number of active developers for the project's MacOS X releases has dropped to zero, prompting a halt in the release schedule. There is now a disturbing possibility that support for Mac will be dropped as of 1.1.0. As the most versatile and user-friendly solution for bridging the video compatibility gap between OS X and Windows, this will be a terrible loss for the Mac community. There is still hope, however, if the right volunteers come forward."
Google

Mozilla Exec Urges Switch From Google To Bing 527

Andorin writes "Asa Dotzler, Mozilla's director of community development, has published a brief blog post in which he recommends that Firefox users move from using Google as their main search engine to Bing, citing privacy issues. Disregarding the existence of alternative search engines such as Ask and Yahoo, Dotzler asserts that Bing's privacy policy is better than Google's. Dotzler explains the recommendation with a quote from Eric Schmidt, CEO of Google: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines — including Google — do retain this information for some time...' Ars Technica also covers the story."
Databases

Submission + - EU Objects to Oracle's Purchase of Sun (pcpro.co.uk)

eldavojohn writes: "The EU has presented both companies with a statement of objections. Despite Marten Mickos' (former MySQL CEO) promoting the deal, the statement seems to focus entirely on what many have feared: MySQL Vs Oracle Databases. From the 8-K SEC filing from Sun, "The Statement of Objections sets out the Commission's preliminary assessment regarding, and is limited to, the combination of Sun's open source MySQL database product with Oracle's enterprise database products and its potential negative effects on competition in the market for database products." EU and EU Commissions are generating a bit of a history of disagreeing with US counterparts."
Windows

Inside the Windows 7 Launch Party Pack 267

Barence writes to tell us that it seems Microsoft has been grinding away in the corporate world for so long, they have forgotten what "fun" means. PC Pro managed to get their hands on one of the "party packs," and it seems woefully inadequate. Nowhere did we see a pin-the-chair on the Ballmer game, giveaways that you might actually use, or even a few balloons or streamers. Instead, the only reason to get a party pack seems to be the free copy of Windows Ultimate Signature edition, which doesn't do much for your party guests (unless you burn them all copies I guess, but we would never condone that). All-in-all, it seems that Microsoft should have gone to the nearest dorm room and asked for some pointers on how to have a good party.
AMD

NVIDIA To Exit Chipset Business 185

The rumor that we discussed a few months back is looking more real. Vigile writes "Once the darling of the enthusiast chipset market, NVIDIA has apparently decided to quit development of future chipsets for all platforms. This 'state of NVIDIA' editorial at PC Perspective first highlighted the fact that the company was backing away from its plans to develop a DMI-based chipset for Intel's Lynnfield processors due to legal pressure from Intel and debates over licensing restrictions. That effectively left NVIDIA out in the cold in terms of high-end chipsets, but even more interesting is the later revelation that NVIDIA has only one remaining chipset product to release, what we know as ION 2, and that it was mainly built for Apple's upcoming products. NVIDIA still plans to sell its current offerings, like MCP61 for AMD platforms and current generation ION for netbooks and nettops, but will focus solely on discrete graphics options after this final release."
Patents

Eolas To Sue Apple, Google, and 21 Others 252

vinodis and several other readers sent along the news that Eolas is suing 23 companies including Apple and Google for patent infringement. The company won $585M from Microsoft in a drawn-out, 9-year battle that the companies settled in 2007; in the course of it the USPTO upheld the "906" patent several times. Now, Eolas is also in possession of a newly-issued patent that they claim covers the use of any browser plugin with AJAX. Let's see how far this lawsuit gets before the Supreme Court plays its wildcard in the Bilski case, which we have been discussing for a while now.
Input Devices

Software To Flatten a Photographed Book? 172

davidy writes "I have photographed some pages of a book for reading on my PDA. This is much faster than scanning and I don't have to carry the heavy books. However, the photographed books are not as nice: curved, skewed, and shadowed, as opposed to the much flatter, cleaner scanned books. I have searched for software that can flatten the pages for better reading on the PDA. So far I have come across Unpaper and Scan Tailor. Unpaper doesn't seem to have a Windows GUI, and Scan Tailor doesn't unskew well. I remember reading about Google's technique of converting books to e-books with a camera and a laser overlay. Is there any home user software that can do a similar job without the need for a laser overlay or other sophisticated (and patented) technology?"
The Media

Submission + - The Pirate Bay is sold, and on its way to legality (pcpro.co.uk) 1

MattSparkes writes: "A Swedish software firm is buying The Pirate Bay and turning it into a legal business. Global Gaming Factory X (GGF) has also bought peer-to-peer research firm Peerialism. The two purchases are expected to form the basis of a new, legal download service. It's a bold move, especially as it comes in the same week that the four founders of The Pirate Bay had their application for a retrial rejected by a Swedish court."

Comment Re:The alternative is much worse (Score 1) 283

I want a file browser for examining my filesystem so I can copy, move, delete, or rename them, or open them with a specified application.

Actually that's what you're getting. Explorer != IE.

If you type a URL in the address bar of Explorer, it'll launch your default browser, and not IE as the GPP wrongly claims.

Comment Re:Surprised (Score 4, Informative) 161

Mininova and other websites took over as the leading Torrent hubs.

Just to correct an all too common misunderstanding, Mininova really cannot be compared to The Pirate Bay.

Mininova is nothing more than an index. Mininova does not operate a tracker. The majority (if not all) of the torrent files found at Mininova would be pretty useless if the Pirate Bay servers weren't around to do the heavy lifting.

The torrent network really isn't as decentralized as most people seem to think; torrent traffic would take a major hit if the servers at TPB were shut down... at least for a while.
